
Azure Custom Extensions Blob return 403 Forbidden


I've tried to run a custom script to install software silently on my Windows scale set. Here is my configuration: the ARM template, added to virtualMachineProfile as a child resource of ExtensionProfile. Here is the code:

    {
        "name": "InstallSomeCoolStuffs",
        "properties": {
            "publisher": "Microsoft.Compute",
            "type": "CustomScriptExtension",
            "typeHandlerVersion": "1.10",
            "autoUpgradeMinorVersion": true,
            "settings": {},
            "protectedSettings": {
                "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File myscript.ps1",
                "managedIdentity": {},
                "fileUris": [
                    "https://someblob.blob.core.windows.net/src/myscript.ps1"
                ]
            }
        }
    },

The problem was that when I tried to deploy the ARM template with managed identity enabled and the Contributor role added on the Storage Account, it failed with the message:

        "message": "VM has reported a failure when processing extension 'MyScript'. Error message: \"Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (403) Forbidden.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
  1. Tried to move fileUris to the settings section: same error.
  2. Tried different typeHandlerVersion values: 1.19, 1.10, 1.17.
  3. Tried to add {objectID:} with the scale set identity ID.

It works only if I remove the managed identity and add StorageAccountName: and StorageAccountKey:. What am I missing?

Thank you!


Solution

  • I found a solution, in case someone gets the same problem.

    1. Make sure fileUris and timestamp are added in the settings section. The timestamp is something like versioning for your script: every time you pass a larger integer, it creates a new version and triggers the script. You can check the output on the Windows VM in C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.10.2\Status
    2. Make sure you add a Storage Blob Data Reader role assignment to the scale set identity.
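
The two steps of the answer above as ARM template fragments. This is an added example, not code from the original post: the timestamp value, both apiVersion values and the names in angle brackets are assumptions or placeholders, and the role GUID is the built-in Storage Blob Data Reader definition ID.

```json
// Fragment 1: entry in virtualMachineProfile.extensionProfile.extensions
{
    "name": "InstallSomeCoolStuffs",
    "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.10",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "fileUris": [
                "https://someblob.blob.core.windows.net/src/myscript.ps1"
            ],
            // Constructed value: pass a larger integer to re-trigger the script.
            "timestamp": 2
        },
        "protectedSettings": {
            "commandToExecute": "powershell -ExecutionPolicy Unrestricted -File myscript.ps1",
            // Empty object selects the scale set's system-assigned identity.
            // Do not combine with storageAccountName / storageAccountKey.
            "managedIdentity": {}
        }
    }
}

// Fragment 2: top-level resource granting the identity blob read access,
// scoped to the one storage account (placeholder names, same resource group).
{
    "type": "Microsoft.Authorization/roleAssignments",
    "apiVersion": "2022-04-01",
    "scope": "Microsoft.Storage/storageAccounts/<storageAccountName>",
    "name": "[guid(resourceGroup().id, '<scaleSetName>', 'blob-data-reader')]",
    "properties": {
        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]",
        "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachineScaleSets', '<scaleSetName>'), '2023-03-01', 'full').identity.principalId]",
        "principalType": "ServicePrincipal"
    }
}
```

Contributor is a management-plane role with no blob data actions, so a token issued to the scale set identity cannot read the blob with it, while Storage Blob Data Reader grants read-only data access and removes the need for the account key. The role assignment has to be in place before instances run the extension, otherwise the download is still refused.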